Chilling Thoughts

Email this article

To*

Please enter your email address*

Subject*

Comments*

Risk, like luck, comes in two varieties: good and bad. The latter you hope to
avoid, the former to capitalize on. Lately, however, there’s been precious little capitalizing. Companies have been decidedly risk-averse for years, accumulating piles of cash and returning it to shareholders rather than investing it in new products or ventures.

Many critics of regulation have claimed that one reason for this uncharacteristic caution has been the “chilling effect” of the Sarbanes-Oxley Act. Now researchers at the University of Pittsburgh have put that
theory to the test, and have concluded
that it’s true.

Recommended Stories:

Or true-ish. Or maybe just
a coincidence, but if so a big one.
Leonce Bargeron, Kenneth Lehn,
and Chad Zutter looked at companies
in the United States and
the UK and assessed them on
both accounting variables (the
levels and types of investments
companies make) and stockbased
variables (for example,
returns, betas, and companyspecific
risk measures). They also
looked at data on initial public
offerings for both countries in an
effort to see whether Sarbox has,
as many speculate, driven companies
to pursue IPOs overseas,
and whether the companies that
do so tend to be more risk-based
(as measured by their researchand-
development expenditures).

Once the data was crunched on more
than 5,000 firms (split about 80/20 between
the United States and the UK), the team
concluded that risk-taking by U.S. firms has
declined significantly in the post-Sarbox era.
“We can’t nail it down to Sarbox,” says Bargeron,
an assistant professor of business
administration at Pitt (and a former CFO).
“In isolation, any of our measures could be
taken issue with, but together they create a
preponderance of evidence that is striking.”

Meanwhile, Sarbox was intended to
have a positive impact on negative risks, the
kind companies hope to avoid, by encouraging
a more rigorous assessment of high-risk
areas including finance and technology. But
a PricewaterhouseCoopers study has found that almost one in five
companies conducts no annual risk assessment, while a third conduct
multiple assessments but rarely share the results across departments.

“The cost of overseeing risk and compliance goes well beyond
Sarbox,” says Miles Everson, a PwC partner, “and often runs to hundreds
of millions of dollars a year.” Many companies have rushed to
create new positions or departments in response to specific demands,
creating huge duplication of effort. “When was the last time a newly
created job title wasn’t named after a regulation?” he asks. “You have
privacy officers, compliance officers, and new audit positions proliferating.”
By adopting a formal governance, risk, and compliance
(GRC) strategy, he says, companies can get faster efficiency — and free up employees to explore the strategic risks that companies should be
pursuing.